Today, millions of computer users use all types of computers to shop online, trade stocks, made travel plans, etc., with the knowledge that their transactions are secure. Use of secure transactions has increased over the last few years with the use of the Internet.
Such secure transactions are due in large part to the user of digital certificates that are issued by certificate authorities. Users who participate in secure online transactions interact with digital identities, or certificates, that are tamper-proof digital documents that identify a person or a machine. Theoretically, anyone can create a digital identity claiming to be anybody else. But for secure transactions, digital identities must be issued by a trusted entity or organization.
If a computer operating system recognizes trusted authorities, it maintains of list of trusted certificate authorities. When a user encounters a certificate used in a secure transaction, the transaction may proceed if the operating system identifies the certificate as being issued by a trusted authority.
The certificate does not identify the trusted authority per se, but it must indicate that the trusted authority issued the certificate, because the trusted authority may also issue trusted certificates to other identities. Because a trusted authority is authorized to issue certificates to secondary authorities that may, in turn, issue certificates to other authorities, and so on, the trusted authority is also called a “certifying authority” or a “root authority.”
Each issuing authority digitally signs the certificate of an entity that it authorizes so that all certificates emanating from a root authority are cryptographically secure. When a computer system attempts to verify a certificate, the digital signature may be read to identify the authority that issued it until the root authority from which the authorization originated can be identified. If the root authority is identified as a trusted authority, the certificate is verified as authentic.
If the operating system does not recognize the certificate as being issued by an authority that was ultimately approved by a root authority, then the transaction may be automatically terminated by the operating system. Alternatively, the user may receive a prompt giving the user an option to manually authorize the transaction or to abort the transaction. Such an out-of-band transaction to authorize a site is an inconvenience that is fundamentally unfair to legitimate sites that don't happen to be listed as an authorized site on a particular computer system.
The number of root authorities has increased with the growth of electronic transactions. This has presented a problem for manufacturers of operating systems that are configured to recognize trusted authorities in online transactions. When digital certificates were first coming into use, the number of root authorities did not increase very rapidly. It was simple to update a list of root authorities that were trusted by an operating system whenever a new version of the operating system (or an add-on service pack) was loaded into the host computer system.
However, since the number of requests by entities to be accepted as a root authority is increasing so rapidly, simply updating a trusted root authority list with operating system updates has become unacceptable. Also, since the trusted authority identification process is a process that a majority of users typically does not want to be bothered with, it is impractical to have users periodically obtain a new authority list, whether online or from a disk. A new process of updating a list of trusted authorities in a computer system must be virtually transparent to a user of the computer system in order to provide the most satisfying secure computing experience for the user.
Another problem that may occur with present systems and methods for distributing trusted root authorities is that sometimes a root authority may be compromised so that it can no longer be trusted. An operating system manufacturer currently has no way to recall trusted root authority lists that have already been shipped or installed in computer systems.